Commit Message

OpenSSL 1.1.1 introduces a seperate list for TLS 1.3 ciphers. As these
interfaces are meant to be user facing or not exposed at all and we
expose the tls-cipher interface, we should also expose tls-cipherlist.
Combining both settings into tls-cipher would add a lot of glue logic
that needs to be maintained and is error prone. On top of that, users
should not set either settings unless absolutely required.
OpenSSL's own s_client/s_server also expose both settings and I believe
most other software will too:
-cipher val Specify TLSv1.2 and below cipher list to be used
-ciphersuites val Specify TLSv1.3 ciphersuites to be used
For mbed TLS only the future can tell if we will see a combined or also
two seperate lists.
---
doc/openvpn.8 | 20 +++++++++++++---
src/openvpn/options.c | 7 ++++++
src/openvpn/options.h | 1 +
src/openvpn/ssl.c | 3 ++-
src/openvpn/ssl_backend.h | 13 ++++++++++-
src/openvpn/ssl_mbedtls.c | 13 +++++++++++
src/openvpn/ssl_openssl.c | 48 +++++++++++++++++++++++++++++++++++++++
7 files changed, 100 insertions(+), 5 deletions(-)